Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Incoming policy to match encrypted email

hi,

The action in the default policy is to quarantine Encrypted Messages.

There is a requirement to deliver encrypted messagesfrom a specific Sender (aaa@example.com) to a Recipient (bbb@test.com)

Created an incoming policy which matches this sender, and Antivirus policy is set to deliver encrypted messages.

how can we restrict this policy to be applicable only for messages from aaa@example.com to bbb@test.com

And have any encrypted message from aaa@example.com to any other recipients to be quarantined

regards

1 ACCEPTED SOLUTION

Accepted Solutions

Incoming policy to match encrypted email

You could set up a policy that applies to sender aaa@example.com where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not bbb@test.com then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

1 REPLY

Incoming policy to match encrypted email

You could set up a policy that applies to sender aaa@example.com where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not bbb@test.com then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

282
Views
0
Helpful
1
Replies
CreatePlease to create content